Windows Filtering Platform and .NET

  • Question

  • It's great that Windows Vista and later ship with WFP (the Windows Filtering Platform), which lets developers design and implement firewall-like access control easily without the need for NDIS drivers and such. However, I can't seem to find any managed (i.e. .NET DLL) code for WFP so that I can implement it inside a .NET application.

    does anyone know where to find such a component?
    Tuesday, December 22, 2009 10:18 PM

Answers

  • Common Types

       GUID

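    /// <summary>
    /// Managed mirror of the native 16-byte GUID layout, used on this page for WFP keys
    /// such as session and sub-layer identifiers.
    /// </summary>
    /// <remarks>
    /// Data4 holds eight raw bytes, not text. Marshalling it as a fixed-size ANSI string
    /// (ByValTStr, SizeConst=8) reserves the last byte for a terminator and runs the rest
    /// through a code-page conversion, so the key that reaches the filter engine is not the
    /// key the caller built. A by-value byte array keeps all eight bytes intact.
    /// System.Guid has the same 16-byte layout and can be used in place of this struct.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct GUID {
        
        /// unsigned int
        public uint Data1;
        
        /// unsigned short
        public ushort Data2;
        
        /// unsigned short
        public ushort Data3;
        
        /// unsigned char[8] -- stored inline; SizeConst fixes the marshalled length at 8 bytes
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst=8, ArraySubType=System.Runtime.InteropServices.UnmanagedType.U1)]
        public byte[] Data4;
    }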
    

       SID_IDENTIFIER_AUTHORITY

    /// <summary>
    /// Managed mirror of the native SID_IDENTIFIER_AUTHORITY: six bytes stored inline.
    /// </summary>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct SID_IDENTIFIER_AUTHORITY {
        
        /// BYTE[6] -- marshalled inline (ByValArray); SizeConst fixes the marshalled length at 6 bytes
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst=6, ArraySubType=System.Runtime.InteropServices.UnmanagedType.I1)]
        public byte[] Value;
    }

       SID

    /// <summary>
    /// Managed mirror of the leading fields of a native SID.
    /// </summary>
    /// <remarks>
    /// NOTE(review): SubAuthority is declared with a single element (SizeConst=1), while the
    /// SubAuthorityCount field suggests the native structure carries a variable number of them.
    /// Marshalling this struct by value would then carry at most one sub-authority. The session
    /// struct on this page refers to a SID through an IntPtr instead -- confirm that no caller
    /// relies on this struct to hold a complete SID.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct SID {
        
        /// BYTE->unsigned char
        public byte Revision;
        
        /// BYTE->unsigned char -- presumably the number of valid SubAuthority entries; verify
        public byte SubAuthorityCount;
        
        /// SID_IDENTIFIER_AUTHORITY->_SID_IDENTIFIER_AUTHORITY (six inline bytes)
        public SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
        
        /// DWORD[1] -- only the first element is represented here (see remarks)
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst=1, ArraySubType=System.Runtime.InteropServices.UnmanagedType.U4)]
        public uint[] SubAuthority;
    }
    

       SEC_WINNT_AUTH_IDENTITY_W

    /// <summary>
    /// Managed mirror of SEC_WINNT_AUTH_IDENTITY_W: pointers to user, domain and password
    /// buffers, each paired with a length, followed by a flags word.
    /// </summary>
    /// <remarks>
    /// The three strings are raw pointers (IntPtr), so the marshaller neither allocates,
    /// copies nor frees them; whoever fills in this struct owns those buffers.
    /// NOTE(review): Password refers to credential material in unmanaged memory. The caller
    /// should clear and free that buffer as soon as the native call returns (for example
    /// Marshal.ZeroFreeGlobalAllocUnicode for a buffer obtained from
    /// Marshal.SecureStringToGlobalAllocUnicode) and avoid keeping a managed string copy.
    /// NOTE(review): the *Length fields are presumably character counts that exclude the
    /// terminator -- confirm against the SDK documentation.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct SEC_WINNT_AUTH_IDENTITY_W {
        
        /// unsigned short* -- caller-owned buffer holding the user name
        public System.IntPtr User;
        
        /// unsigned int -- length that goes with User
        public uint UserLength;
        
        /// unsigned short* -- caller-owned buffer holding the domain name
        public System.IntPtr Domain;
        
        /// unsigned int -- length that goes with Domain
        public uint DomainLength;
        
        /// unsigned short* -- caller-owned buffer holding the password; clear it after use
        public System.IntPtr Password;
        
        /// unsigned int -- length that goes with Password
        public uint PasswordLength;
        
        /// unsigned int -- NOTE(review): presumably selects the ANSI or Unicode form of the strings; verify
        public uint Flags;
    }

    WFP SPECIFIC TYPES

       FWP_BYTE_BLOB

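    /// <summary>
    /// Managed mirror of FWP_BYTE_BLOB: a byte count followed by a pointer to the bytes.
    /// </summary>
    /// <remarks>
    /// The payload is binary (UINT8*), so <c>data</c> is a raw pointer rather than a string.
    /// A string marshalled as LPStr is cut at the first zero byte and passed through a
    /// code-page conversion, which can leave <c>size</c> describing more bytes than the
    /// marshalled buffer really holds. The caller allocates the buffer (for example with
    /// Marshal.AllocHGlobal), copies the bytes in, sets <c>size</c> to the exact length and
    /// frees the buffer once the native call has returned.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWP_BYTE_BLOB_ {
        
        /// UINT32->unsigned int -- number of bytes that <c>data</c> points to
        public uint size;
        
        /// UINT8* -- caller-owned unmanaged buffer; IntPtr.Zero together with size 0 when there is no payload
        public System.IntPtr data;
    }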
    

       FWPM_DISPLAY_DATA0

    /// <summary>
    /// Managed mirror of FWPM_DISPLAY_DATA0: a name and a description, both marshalled as
    /// pointers to null-terminated UTF-16 strings (LPWStr).
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably this is the text management and diagnostic tools show for
    /// the object. A descriptive name makes rules added by this code easier to attribute
    /// during an audit -- confirm against the WFP documentation.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWPM_DISPLAY_DATA0_ {
        
        /// wchar_t*
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
        public string name;
        
        /// wchar_t*
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
        public string description;
    }

       FWPM_SESSION0

    /// <summary>
    /// Managed mirror of FWPM_SESSION0, the session description that FwpmEngineOpen0 takes
    /// by pointer (its <c>session</c> argument is declared as FWPM_SESSION0*).
    /// </summary>
    /// <remarks>
    /// The P/Invoke signature on this page takes the session as an IntPtr, so a caller that
    /// wants to pass one has to marshal this struct into unmanaged memory itself and free
    /// that memory after the call.
    /// NOTE(review): processId, sid, username and kernelMode look like values the engine
    /// reports back rather than inputs -- confirm against the WFP documentation before
    /// filling them in.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWPM_SESSION0_ {
        
        /// GUID->_GUID -- 16-byte key identifying the session
        public GUID sessionKey;
        
        /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_ -- name and description of the session
        public FWPM_DISPLAY_DATA0_ displayData;
        
        /// UINT32->unsigned int
        /// NOTE(review): presumably a bit mask of session flags; whether objects added in
        /// the session outlive it depends on these -- verify before relying on clean-up
        public uint flags;
        
        /// UINT32->unsigned int -- transaction wait timeout, in milliseconds per the field name
        public uint txnWaitTimeoutInMSec;
        
        /// DWORD->unsigned int
        public uint processId;
        
        /// SID* -- raw pointer; the marshaller does not copy or free what it points to
        public System.IntPtr sid;
        
        /// wchar_t*
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
        public string username;
        
        /// BOOL->int -- native BOOL is a 4-byte integer, hence int rather than bool
        public int kernelMode;
    }

       FWPM_SUBLAYER0

    /// <summary>
    /// Managed mirror of FWPM_SUBLAYER0, the sub-layer description passed by reference to
    /// FwpmSubLayerAdd0.
    /// </summary>
    /// <remarks>
    /// Field order and widths must stay exactly as declared: the struct is laid out
    /// sequentially and handed to native code as-is.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWPM_SUBLAYER0_ {
        
        /// GUID->_GUID -- 16-byte key identifying the sub-layer
        public GUID subLayerKey;
        
        /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_ -- name and description of the sub-layer
        public FWPM_DISPLAY_DATA0_ displayData;
        
        /// UINT16->unsigned short
        /// NOTE(review): presumably a bit mask of sub-layer flags (for example persistence) -- verify
        public ushort flags;
        
        /// GUID* -- raw pointer to a provider key; NOTE(review): presumably optional (IntPtr.Zero) -- verify
        public System.IntPtr providerKey;
        
        /// FWP_BYTE_BLOB->FWP_BYTE_BLOB_ -- provider-specific payload embedded by value
        public FWP_BYTE_BLOB_ providerData;
        
        /// UINT16->unsigned short
        /// NOTE(review): presumably orders this sub-layer relative to others in the same layer -- verify
        public ushort weight;
    }
    


    APIs

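    /// <summary>
    /// P/Invoke declarations for the user-mode WFP management API exported by FWPUClnt.dll.
    /// </summary>
    /// <remarks>
    /// Each function returns a Win32 status code as a DWORD; 0 (ERROR_SUCCESS) means success.
    /// Check it before using any output value: a firewall rule that silently failed to
    /// install leaves traffic unfiltered.
    /// The imports are restricted to the System32 directory so that a same-named DLL placed
    /// next to the executable or on the search path is not loaded instead
    /// (DefaultDllImportSearchPathsAttribute requires .NET Framework 4.5 or later).
    /// </remarks>
    public partial class NativeMethods {

        /// <summary>Opens a session to the filter engine.</summary>
        /// <param name="serverName">wchar_t*. NOTE(review): presumably null for the local engine -- verify.</param>
        /// <param name="authnService">UINT32->unsigned int. Authentication service to use.</param>
        /// <param name="authIdentity">SEC_WINNT_AUTH_IDENTITY_W*. Pointer to credentials, or IntPtr.Zero.</param>
        /// <param name="session">FWPM_SESSION0*. Pointer to a marshalled session description, or IntPtr.Zero.</param>
        /// <param name="engineHandle">HANDLE*. Receives the engine handle; release it with FwpmEngineClose0.</param>
        /// <returns>DWORD->unsigned int. 0 on success, otherwise an error code.</returns>
        [System.Runtime.InteropServices.DefaultDllImportSearchPathsAttribute(System.Runtime.InteropServices.DllImportSearchPath.System32)]
        [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint="FwpmEngineOpen0")]
        public static extern uint FwpmEngineOpen0(
            [System.Runtime.InteropServices.InAttribute()] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] string serverName,
            uint authnService,
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr authIdentity,
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr session,
            ref System.IntPtr engineHandle);

        /// <summary>Closes a session opened with FwpmEngineOpen0 so the handle is not leaked.</summary>
        /// <param name="engineHandle">HANDLE->void*. Handle returned by FwpmEngineOpen0.</param>
        /// <returns>DWORD->unsigned int. 0 on success, otherwise an error code.</returns>
        [System.Runtime.InteropServices.DefaultDllImportSearchPathsAttribute(System.Runtime.InteropServices.DllImportSearchPath.System32)]
        [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint="FwpmEngineClose0")]
        public static extern uint FwpmEngineClose0(
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle);

        /// <summary>Adds a sub-layer to the filter engine.</summary>
        /// <param name="engineHandle">HANDLE->void*. Handle returned by FwpmEngineOpen0.</param>
        /// <param name="subLayer">FWPM_SUBLAYER0*. The sub-layer to add.</param>
        /// <param name="sd">
        /// PSECURITY_DESCRIPTOR->PVOID->void*. Security descriptor for the new object.
        /// NOTE(review): presumably IntPtr.Zero selects a default descriptor; decide deliberately
        /// who may later change or delete the sub-layer -- verify.
        /// </param>
        /// <returns>DWORD->unsigned int. 0 on success, otherwise an error code.</returns>
        [System.Runtime.InteropServices.DefaultDllImportSearchPathsAttribute(System.Runtime.InteropServices.DllImportSearchPath.System32)]
        [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint="FwpmSubLayerAdd0")]
        public static extern uint FwpmSubLayerAdd0(
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle,
            [System.Runtime.InteropServices.InAttribute()] ref FWPM_SUBLAYER0_ subLayer,
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr sd);

    }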

    Hope this helps

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, January 7, 2010 6:07 PM
    Moderator
  • Currently Microsoft does not offer a .Net solution for utilizing WFP.  At this point in time you will need to use the Platform Invoke (PInvoke) .Net offers and marshal the data and APIs as needed. 

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, December 23, 2009 10:53 PM
    Moderator
  • Those are imported from FWPUClnt.dll.

    To assist in your endeavors, I suggest using the PInvoke Interop Assistant.

    http://msdn.microsoft.com/en-us/magazine/cc164193.aspx
    http://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=clrinterop&ReleaseId=14120

    Hope this helps
    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, December 24, 2009 10:03 PM
    Moderator
  • I used PInvoke Interop Assistant.
    On the SigImp Translate Snippet, just put in the prototype
    You need to do a little work by pulling out the structs it doesn't know about, and putting them in as snippets too.

    Here is a sample:

    Native Code Snippet:
    /* Type of the action code stored in FWPM_ACTION0.type: a plain 32-bit value. */
    typedef UINT32 FWP_ACTION_TYPE;
    
    /*
     * Tag stored in the `type` field next to the unions in FWP_VALUE0 and
     * FWP_CONDITION_VALUE0. Most enumerators rely on implicit numbering, so their
     * order is part of the binary contract: a managed enum must list them in the
     * same order. After FWP_SINGLE_DATA_TYPE_MAX = 0xff the numbering continues
     * at 0x100 (FWP_V4_ADDR_MASK).
     * NOTE(review): presumably the tag says which union member is valid; a tag that
     * does not match the member actually filled in would make native code read the
     * wrong member -- confirm against the WFP documentation.
     */
    typedef enum FWP_DATA_TYPE_
    {
       FWP_EMPTY = 0,
       FWP_UINT8,
       FWP_UINT16,
       FWP_UINT32,
       FWP_UINT64,
       FWP_INT8,
       FWP_INT16,
       FWP_INT32,
       FWP_INT64,
       FWP_FLOAT,
       FWP_DOUBLE,
       FWP_BYTE_ARRAY16_TYPE,
       FWP_BYTE_BLOB_TYPE,
       FWP_SID,
       FWP_SECURITY_DESCRIPTOR_TYPE,
       FWP_TOKEN_INFORMATION_TYPE,
       FWP_TOKEN_ACCESS_INFORMATION_TYPE,
       FWP_UNICODE_STRING_TYPE,
       FWP_SINGLE_DATA_TYPE_MAX = 0xff,
       FWP_V4_ADDR_MASK,
       FWP_V6_ADDR_MASK,
       FWP_RANGE_TYPE,
       FWP_DATA_TYPE_MAX
    } FWP_DATA_TYPE;
    
    /*
     * Comparison operator of a filter condition (FWPM_FILTER_CONDITION0.matchType).
     * Each enumerator is the previous one plus 1, so the values run from
     * FWP_MATCH_EQUAL = 0 to FWP_MATCH_NOT_EQUAL = 10, with FWP_MATCH_TYPE_MAX = 11
     * as the end marker.
     */
    typedef enum FWP_MATCH_TYPE_
    {
       FWP_MATCH_EQUAL                  = 0,
       FWP_MATCH_GREATER                = ( FWP_MATCH_EQUAL + 1 ) ,
       FWP_MATCH_LESS                   = ( FWP_MATCH_GREATER + 1 ) ,
       FWP_MATCH_GREATER_OR_EQUAL       = ( FWP_MATCH_LESS + 1 ) ,
       FWP_MATCH_LESS_OR_EQUAL          = ( FWP_MATCH_GREATER_OR_EQUAL + 1 ) ,
       FWP_MATCH_RANGE                  = ( FWP_MATCH_LESS_OR_EQUAL + 1 ) ,
       FWP_MATCH_FLAGS_ALL_SET          = ( FWP_MATCH_RANGE + 1 ) ,
       FWP_MATCH_FLAGS_ANY_SET          = ( FWP_MATCH_FLAGS_ALL_SET + 1 ) ,
       FWP_MATCH_FLAGS_NONE_SET         = ( FWP_MATCH_FLAGS_ANY_SET + 1 ) ,
       FWP_MATCH_EQUAL_CASE_INSENSITIVE = ( FWP_MATCH_FLAGS_NONE_SET + 1 ) ,
       FWP_MATCH_NOT_EQUAL              = ( FWP_MATCH_EQUAL_CASE_INSENSITIVE + 1 ) ,
       FWP_MATCH_TYPE_MAX               = ( FWP_MATCH_NOT_EQUAL + 1 ) 
    } FWP_MATCH_TYPE;
    
    /* Name and description of an object, as two wide-character string pointers. */
    typedef struct FWPM_DISPLAY_DATA0_
    {
       wchar_t* name;
       wchar_t* description;
    } FWPM_DISPLAY_DATA0;
    
    /*
     * Binary buffer: a size field plus a pointer to bytes. `data` is UINT8*, not a
     * character string, so a managed mirror should keep it a raw pointer (IntPtr)
     * and set `size` to the exact number of bytes behind it.
     */
    typedef struct FWP_BYTE_BLOB_
    {
       UINT32 size;
       UINT8* data;
    } FWP_BYTE_BLOB;
    
    /* Six bytes stored inline. */
    typedef struct FWP_BYTE_ARRAY6_
    {
       UINT8 byteArray6[6];
    } FWP_BYTE_ARRAY6;
    
    
    /* Sixteen bytes stored inline. */
    typedef struct FWP_BYTE_ARRAY16_
    {
       UINT8 byteArray16[16];
    } FWP_BYTE_ARRAY16;
    
    /*
     * Two count/pointer pairs. Each count has to agree with the array its pointer
     * refers to; PSID_AND_ATTRIBUTES is not defined in this snippet.
     */
    typedef struct _FWP_TOKEN_INFORMATION
    {
       ULONG               sidCount;
       PSID_AND_ATTRIBUTES sids;
       ULONG               restrictedSidCount;
       PSID_AND_ATTRIBUTES restrictedSids;
    } FWP_TOKEN_INFORMATION;
    
    /*
     * IPv4 address and mask as two 32-bit values.
     * NOTE(review): check which byte order the API expects before filling these in;
     * a swapped address makes a rule match different hosts than intended.
     */
    typedef struct FWP_V4_ADDR_AND_MASK_
    {
       UINT32 addr;
       UINT32 mask;
    } FWP_V4_ADDR_AND_MASK;
    
    /*
     * IPv6 address bytes plus a prefix length. FWP_V6_ADDR_SIZE is not defined in
     * this snippet and has to be supplied to the translator as well.
     */
    typedef struct FWP_V6_ADDR_AND_MASK_
    {
       UINT8 addr[FWP_V6_ADDR_SIZE];
       UINT8 prefixLength;
    } FWP_V6_ADDR_AND_MASK;
    
    
    /*
     * Tagged value: `type` followed by an anonymous union. The 8-, 16- and 32-bit
     * integers and the float are stored inline; every wider or structured value
     * (UINT64, INT64, double, blobs, SID, token information, string) is held
     * through a pointer, so the union itself is pointer-sized.
     * A managed mirror needs overlapping fields (explicit layout) or a single
     * pointer-sized field for the union; declaring the members one after another
     * would give the wrong size and offsets.
     */
    typedef struct FWP_VALUE0_
    {
       FWP_DATA_TYPE type;
       union
       {
          UINT8                  uint8;
          UINT16                 uint16;
          UINT32                 uint32;
          UINT64*                uint64;
          INT8                   int8;
          INT16                  int16;
          INT32                  int32;
          INT64*                 int64;
          float                  float32;
          double*                double64;
          FWP_BYTE_ARRAY16*      byteArray16;
          FWP_BYTE_BLOB*         byteBlob;
          SID*                   sid;
          FWP_BYTE_BLOB*         sd;
          FWP_TOKEN_INFORMATION* tokenInformation;
          FWP_BYTE_BLOB*         tokenAccessInformation;
          LPWSTR                 unicodeString;
       };
    } FWP_VALUE0;
    
    /* A pair of tagged values, stored by value, giving the low and high end of a range. */
    typedef struct FWP_RANGE0_
    {
       FWP_VALUE0 valueLow;
       FWP_VALUE0 valueHigh;
    } FWP_RANGE0;
    
    /*
     * Action of a filter: an action code plus one GUID. filterType and calloutKey
     * are union members and therefore share the same 16 bytes.
     */
    typedef struct FWPM_ACTION0_
    {
       FWP_ACTION_TYPE type;
       union
       {
          GUID filterType;
          GUID calloutKey;
       };
    } FWPM_ACTION0;
    
    /*
     * Tagged value used inside filter conditions. Same shape as FWP_VALUE0, with
     * four more pointer members at the end (byteArray6, v4AddrMask, v6AddrMask,
     * rangeValue). Note that tokenInformation is declared here as FWP_BYTE_BLOB*,
     * whereas FWP_VALUE0 declares it as FWP_TOKEN_INFORMATION*.
     * The pointed-to data has to stay allocated for the duration of the native
     * call that receives the condition.
     */
    typedef struct FWP_CONDITION_VALUE0_
    {
       FWP_DATA_TYPE type;
       union
       {
          UINT8                 uint8;
          UINT16                uint16;
          UINT32                uint32;
          UINT64*               uint64;
          INT8                  int8;
          INT16                 int16;
          INT32                 int32;
          INT64*                int64;
          float                 float32;
          double*               double64;
          FWP_BYTE_ARRAY16*     byteArray16;
          FWP_BYTE_BLOB*        byteBlob;
          SID*                  sid;
          FWP_BYTE_BLOB*        sd;
          FWP_BYTE_BLOB*        tokenInformation;
          FWP_BYTE_BLOB*        tokenAccessInformation;
          LPWSTR                unicodeString;
          FWP_BYTE_ARRAY6*      byteArray6;
          FWP_V4_ADDR_AND_MASK* v4AddrMask;
          FWP_V6_ADDR_AND_MASK* v6AddrMask;
          FWP_RANGE0*           rangeValue;
       };
    } FWP_CONDITION_VALUE0;
    
    /* One condition of a filter: the field to test, the comparison, and the value. */
    typedef struct FWPM_FILTER_CONDITION0_
    {
       GUID                 fieldKey;
       FWP_MATCH_TYPE       matchType;
       FWP_CONDITION_VALUE0 conditionValue;
    } FWPM_FILTER_CONDITION0;
    
    
    /*
     * Full description of a filter as passed to FwpmFilterAdd0.
     * numFilterConditions and filterCondition form a count/pointer pair: the count
     * must equal the number of elements in the array, otherwise native code reads
     * past the end of the caller's buffer.
     * rawContext and providerContextKey are union members and overlap.
     * NOTE(review): a filter with no conditions presumably matches all traffic at
     * its layer -- confirm before adding a block or permit rule without conditions.
     */
    typedef struct FWPM_FILTER0_
    {
      GUID                    filterKey;
      FWPM_DISPLAY_DATA0      displayData;
      UINT32                  flags;
      GUID*                   providerKey;
      FWP_BYTE_BLOB           providerData;
      GUID                    layerKey;
      GUID                    subLayerKey;
      FWP_VALUE0              weight;
      UINT32                  numFilterConditions;
      FWPM_FILTER_CONDITION0* filterCondition;
      FWPM_ACTION0            action;
      union
      {
         UINT64 rawContext;
         GUID providerContextKey;
      };
      GUID*                   reserved;
      UINT64                  filterId;
      FWP_VALUE0              effectiveWeight;
    } FWPM_FILTER0;
    
    
    
    /*
     * Adds a filter. `sd` and `id` are optional (__in_opt / __out_opt). Keep the
     * returned id if the filter has to be removed again later, and check the DWORD
     * result: a rule that failed to install leaves traffic unfiltered.
     */
    DWORD WINAPI FwpmFilterAdd0(__in HANDLE engineHandle,
                                __in const FWPM_FILTER0* filter,
                                __in_opt PSECURITY_DESCRIPTOR sd,
                                __out_opt UINT64* id);
    
    Hope This Helps

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, February 3, 2010 6:43 PM
    Moderator
  • .Net has a GUID class in System.Guid, or you can re-define the GUID structure to your needs.  The layer names are just const GUIDs


    Hope this helps

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Sunday, February 7, 2010 2:10 AM
    Moderator

All replies

  • Currently Microsoft does not offer a .Net solution for utilizing WFP.  At this point in time you will need to use the Platform Invoke (PInvoke) .Net offers and marshal the data and APIs as needed. 

    Hope this helps


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, December 23, 2009 10:53 PM
    Moderator
  • Yes, I know there's no .NET solution; the only way so far is to create a C++ app just to implement the firewall. As for PInvoke, I cannot seem to find which DLL to reference in order to bring in the relevant WFP functions, e.g.

    FwpmEngineOpen0

    FwpmSubLayerAdd0

    is it possible for you to provide some working code sample?

    Thursday, December 24, 2009 12:39 AM
  • Those are imported from FWPUClnt.dll.

    To assist in your endeavors, I suggest using the PInvoke Interop Assistant.

    http://msdn.microsoft.com/en-us/magazine/cc164193.aspx
    http://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=clrinterop&ReleaseId=14120

    Hope this helps
    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, December 24, 2009 10:03 PM
    Moderator
  • Tried all those, but can't seem to get the pinvoke signatures out, can you provide the signatures?

    Thursday, January 7, 2010 2:03 PM
  • Common Types

       GUID

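    /// <summary>
    /// Managed mirror of the native 16-byte GUID layout, used on this page for WFP keys
    /// such as session and sub-layer identifiers.
    /// </summary>
    /// <remarks>
    /// Data4 holds eight raw bytes, not text. Marshalling it as a fixed-size ANSI string
    /// (ByValTStr, SizeConst=8) reserves the last byte for a terminator and runs the rest
    /// through a code-page conversion, so the key that reaches the filter engine is not the
    /// key the caller built. A by-value byte array keeps all eight bytes intact.
    /// System.Guid has the same 16-byte layout and can be used in place of this struct.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct GUID {
        
        /// unsigned int
        public uint Data1;
        
        /// unsigned short
        public ushort Data2;
        
        /// unsigned short
        public ushort Data3;
        
        /// unsigned char[8] -- stored inline; SizeConst fixes the marshalled length at 8 bytes
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst=8, ArraySubType=System.Runtime.InteropServices.UnmanagedType.U1)]
        public byte[] Data4;
    }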
    

       SID_IDENTIFIER_AUTHORITY

    /// <summary>
    /// Managed mirror of the native SID_IDENTIFIER_AUTHORITY: six bytes stored inline.
    /// </summary>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct SID_IDENTIFIER_AUTHORITY {
        
        /// BYTE[6] -- marshalled inline (ByValArray); SizeConst fixes the marshalled length at 6 bytes
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst=6, ArraySubType=System.Runtime.InteropServices.UnmanagedType.I1)]
        public byte[] Value;
    }

       SID

    /// <summary>
    /// Managed mirror of the leading fields of a native SID.
    /// </summary>
    /// <remarks>
    /// NOTE(review): SubAuthority is declared with a single element (SizeConst=1), while the
    /// SubAuthorityCount field suggests the native structure carries a variable number of them.
    /// Marshalling this struct by value would then carry at most one sub-authority. The session
    /// struct on this page refers to a SID through an IntPtr instead -- confirm that no caller
    /// relies on this struct to hold a complete SID.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct SID {
        
        /// BYTE->unsigned char
        public byte Revision;
        
        /// BYTE->unsigned char -- presumably the number of valid SubAuthority entries; verify
        public byte SubAuthorityCount;
        
        /// SID_IDENTIFIER_AUTHORITY->_SID_IDENTIFIER_AUTHORITY (six inline bytes)
        public SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
        
        /// DWORD[1] -- only the first element is represented here (see remarks)
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst=1, ArraySubType=System.Runtime.InteropServices.UnmanagedType.U4)]
        public uint[] SubAuthority;
    }
    

       SEC_WINNT_AUTH_IDENTITY_W

    /// <summary>
    /// Managed mirror of SEC_WINNT_AUTH_IDENTITY_W: pointers to user, domain and password
    /// buffers, each paired with a length, followed by a flags word.
    /// </summary>
    /// <remarks>
    /// The three strings are raw pointers (IntPtr), so the marshaller neither allocates,
    /// copies nor frees them; whoever fills in this struct owns those buffers.
    /// NOTE(review): Password refers to credential material in unmanaged memory. The caller
    /// should clear and free that buffer as soon as the native call returns (for example
    /// Marshal.ZeroFreeGlobalAllocUnicode for a buffer obtained from
    /// Marshal.SecureStringToGlobalAllocUnicode) and avoid keeping a managed string copy.
    /// NOTE(review): the *Length fields are presumably character counts that exclude the
    /// terminator -- confirm against the SDK documentation.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct SEC_WINNT_AUTH_IDENTITY_W {
        
        /// unsigned short* -- caller-owned buffer holding the user name
        public System.IntPtr User;
        
        /// unsigned int -- length that goes with User
        public uint UserLength;
        
        /// unsigned short* -- caller-owned buffer holding the domain name
        public System.IntPtr Domain;
        
        /// unsigned int -- length that goes with Domain
        public uint DomainLength;
        
        /// unsigned short* -- caller-owned buffer holding the password; clear it after use
        public System.IntPtr Password;
        
        /// unsigned int -- length that goes with Password
        public uint PasswordLength;
        
        /// unsigned int -- NOTE(review): presumably selects the ANSI or Unicode form of the strings; verify
        public uint Flags;
    }

    WFP SPECIFIC TYPES

       FWP_BYTE_BLOB

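    /// <summary>
    /// Managed mirror of FWP_BYTE_BLOB: a byte count followed by a pointer to the bytes.
    /// </summary>
    /// <remarks>
    /// The payload is binary (UINT8*), so <c>data</c> is a raw pointer rather than a string.
    /// A string marshalled as LPStr is cut at the first zero byte and passed through a
    /// code-page conversion, which can leave <c>size</c> describing more bytes than the
    /// marshalled buffer really holds. The caller allocates the buffer (for example with
    /// Marshal.AllocHGlobal), copies the bytes in, sets <c>size</c> to the exact length and
    /// frees the buffer once the native call has returned.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWP_BYTE_BLOB_ {
        
        /// UINT32->unsigned int -- number of bytes that <c>data</c> points to
        public uint size;
        
        /// UINT8* -- caller-owned unmanaged buffer; IntPtr.Zero together with size 0 when there is no payload
        public System.IntPtr data;
    }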
    

       FWPM_DISPLAY_DATA0

    /// <summary>
    /// Managed mirror of FWPM_DISPLAY_DATA0: a name and a description, both marshalled as
    /// pointers to null-terminated UTF-16 strings (LPWStr).
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably this is the text management and diagnostic tools show for
    /// the object. A descriptive name makes rules added by this code easier to attribute
    /// during an audit -- confirm against the WFP documentation.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWPM_DISPLAY_DATA0_ {
        
        /// wchar_t*
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
        public string name;
        
        /// wchar_t*
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
        public string description;
    }

       FWPM_SESSION0

    /// <summary>
    /// Managed mirror of FWPM_SESSION0, the session description that FwpmEngineOpen0 takes
    /// by pointer (its <c>session</c> argument is declared as FWPM_SESSION0*).
    /// </summary>
    /// <remarks>
    /// The P/Invoke signature on this page takes the session as an IntPtr, so a caller that
    /// wants to pass one has to marshal this struct into unmanaged memory itself and free
    /// that memory after the call.
    /// NOTE(review): processId, sid, username and kernelMode look like values the engine
    /// reports back rather than inputs -- confirm against the WFP documentation before
    /// filling them in.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWPM_SESSION0_ {
        
        /// GUID->_GUID -- 16-byte key identifying the session
        public GUID sessionKey;
        
        /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_ -- name and description of the session
        public FWPM_DISPLAY_DATA0_ displayData;
        
        /// UINT32->unsigned int
        /// NOTE(review): presumably a bit mask of session flags; whether objects added in
        /// the session outlive it depends on these -- verify before relying on clean-up
        public uint flags;
        
        /// UINT32->unsigned int -- transaction wait timeout, in milliseconds per the field name
        public uint txnWaitTimeoutInMSec;
        
        /// DWORD->unsigned int
        public uint processId;
        
        /// SID* -- raw pointer; the marshaller does not copy or free what it points to
        public System.IntPtr sid;
        
        /// wchar_t*
        [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
        public string username;
        
        /// BOOL->int -- native BOOL is a 4-byte integer, hence int rather than bool
        public int kernelMode;
    }

       FWPM_SUBLAYER0

    /// <summary>
    /// Managed mirror of FWPM_SUBLAYER0, the sub-layer description passed by reference to
    /// FwpmSubLayerAdd0.
    /// </summary>
    /// <remarks>
    /// Field order and widths must stay exactly as declared: the struct is laid out
    /// sequentially and handed to native code as-is.
    /// </remarks>
    [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
    public struct FWPM_SUBLAYER0_ {
        
        /// GUID->_GUID -- 16-byte key identifying the sub-layer
        public GUID subLayerKey;
        
        /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_ -- name and description of the sub-layer
        public FWPM_DISPLAY_DATA0_ displayData;
        
        /// UINT16->unsigned short
        /// NOTE(review): presumably a bit mask of sub-layer flags (for example persistence) -- verify
        public ushort flags;
        
        /// GUID* -- raw pointer to a provider key; NOTE(review): presumably optional (IntPtr.Zero) -- verify
        public System.IntPtr providerKey;
        
        /// FWP_BYTE_BLOB->FWP_BYTE_BLOB_ -- provider-specific payload embedded by value
        public FWP_BYTE_BLOB_ providerData;
        
        /// UINT16->unsigned short
        /// NOTE(review): presumably orders this sub-layer relative to others in the same layer -- verify
        public ushort weight;
    }
    


    APIs

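    /// <summary>
    /// P/Invoke declarations for the user-mode WFP management API exported by FWPUClnt.dll.
    /// </summary>
    /// <remarks>
    /// Each function returns a Win32 status code as a DWORD; 0 (ERROR_SUCCESS) means success.
    /// Check it before using any output value: a firewall rule that silently failed to
    /// install leaves traffic unfiltered.
    /// The imports are restricted to the System32 directory so that a same-named DLL placed
    /// next to the executable or on the search path is not loaded instead
    /// (DefaultDllImportSearchPathsAttribute requires .NET Framework 4.5 or later).
    /// </remarks>
    public partial class NativeMethods {

        /// <summary>Opens a session to the filter engine.</summary>
        /// <param name="serverName">wchar_t*. NOTE(review): presumably null for the local engine -- verify.</param>
        /// <param name="authnService">UINT32->unsigned int. Authentication service to use.</param>
        /// <param name="authIdentity">SEC_WINNT_AUTH_IDENTITY_W*. Pointer to credentials, or IntPtr.Zero.</param>
        /// <param name="session">FWPM_SESSION0*. Pointer to a marshalled session description, or IntPtr.Zero.</param>
        /// <param name="engineHandle">HANDLE*. Receives the engine handle; release it with FwpmEngineClose0.</param>
        /// <returns>DWORD->unsigned int. 0 on success, otherwise an error code.</returns>
        [System.Runtime.InteropServices.DefaultDllImportSearchPathsAttribute(System.Runtime.InteropServices.DllImportSearchPath.System32)]
        [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint="FwpmEngineOpen0")]
        public static extern uint FwpmEngineOpen0(
            [System.Runtime.InteropServices.InAttribute()] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] string serverName,
            uint authnService,
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr authIdentity,
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr session,
            ref System.IntPtr engineHandle);

        /// <summary>Closes a session opened with FwpmEngineOpen0 so the handle is not leaked.</summary>
        /// <param name="engineHandle">HANDLE->void*. Handle returned by FwpmEngineOpen0.</param>
        /// <returns>DWORD->unsigned int. 0 on success, otherwise an error code.</returns>
        [System.Runtime.InteropServices.DefaultDllImportSearchPathsAttribute(System.Runtime.InteropServices.DllImportSearchPath.System32)]
        [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint="FwpmEngineClose0")]
        public static extern uint FwpmEngineClose0(
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle);

        /// <summary>Adds a sub-layer to the filter engine.</summary>
        /// <param name="engineHandle">HANDLE->void*. Handle returned by FwpmEngineOpen0.</param>
        /// <param name="subLayer">FWPM_SUBLAYER0*. The sub-layer to add.</param>
        /// <param name="sd">
        /// PSECURITY_DESCRIPTOR->PVOID->void*. Security descriptor for the new object.
        /// NOTE(review): presumably IntPtr.Zero selects a default descriptor; decide deliberately
        /// who may later change or delete the sub-layer -- verify.
        /// </param>
        /// <returns>DWORD->unsigned int. 0 on success, otherwise an error code.</returns>
        [System.Runtime.InteropServices.DefaultDllImportSearchPathsAttribute(System.Runtime.InteropServices.DllImportSearchPath.System32)]
        [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint="FwpmSubLayerAdd0")]
        public static extern uint FwpmSubLayerAdd0(
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle,
            [System.Runtime.InteropServices.InAttribute()] ref FWPM_SUBLAYER0_ subLayer,
            [System.Runtime.InteropServices.InAttribute()] System.IntPtr sd);

    }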

    Hope this helps

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, January 7, 2010 6:07 PM
    Moderator
  • thank you so much! will try it out
    Tuesday, February 2, 2010 9:58 PM
  • Hi Dusty,

    May i know how you managed to get the interop codes? i need to import a few more functions, namely

    FwpmFilterAdd0
    FwpmFilterDeleteById0
    FwpmSubLayerDeleteByKey0
    FwpmEngineClose0
    Tuesday, February 2, 2010 10:23 PM
  • I used PInvoke Interop Assistant.
    On the SigImp Translate Snippet, just put in the prototype
    You need to do a little work by pulling out the structs it doesn't know about, and putting them in as snippets too.

    Here is a sample:

    Native Code Snippet:
    /* Type of the action code stored in FWPM_ACTION0.type: a plain 32-bit value. */
    typedef UINT32 FWP_ACTION_TYPE;
    
    /*
     * Tag stored in the `type` field next to the unions in FWP_VALUE0 and
     * FWP_CONDITION_VALUE0. Most enumerators rely on implicit numbering, so their
     * order is part of the binary contract: a managed enum must list them in the
     * same order. After FWP_SINGLE_DATA_TYPE_MAX = 0xff the numbering continues
     * at 0x100 (FWP_V4_ADDR_MASK).
     * NOTE(review): presumably the tag says which union member is valid; a tag that
     * does not match the member actually filled in would make native code read the
     * wrong member -- confirm against the WFP documentation.
     */
    typedef enum FWP_DATA_TYPE_
    {
       FWP_EMPTY = 0,
       FWP_UINT8,
       FWP_UINT16,
       FWP_UINT32,
       FWP_UINT64,
       FWP_INT8,
       FWP_INT16,
       FWP_INT32,
       FWP_INT64,
       FWP_FLOAT,
       FWP_DOUBLE,
       FWP_BYTE_ARRAY16_TYPE,
       FWP_BYTE_BLOB_TYPE,
       FWP_SID,
       FWP_SECURITY_DESCRIPTOR_TYPE,
       FWP_TOKEN_INFORMATION_TYPE,
       FWP_TOKEN_ACCESS_INFORMATION_TYPE,
       FWP_UNICODE_STRING_TYPE,
       FWP_SINGLE_DATA_TYPE_MAX = 0xff,
       FWP_V4_ADDR_MASK,
       FWP_V6_ADDR_MASK,
       FWP_RANGE_TYPE,
       FWP_DATA_TYPE_MAX
    } FWP_DATA_TYPE;
    
    /*
     * Comparison operator of a filter condition (FWPM_FILTER_CONDITION0.matchType).
     * Each enumerator is the previous one plus 1, so the values run from
     * FWP_MATCH_EQUAL = 0 to FWP_MATCH_NOT_EQUAL = 10, with FWP_MATCH_TYPE_MAX = 11
     * as the end marker.
     */
    typedef enum FWP_MATCH_TYPE_
    {
       FWP_MATCH_EQUAL                  = 0,
       FWP_MATCH_GREATER                = ( FWP_MATCH_EQUAL + 1 ) ,
       FWP_MATCH_LESS                   = ( FWP_MATCH_GREATER + 1 ) ,
       FWP_MATCH_GREATER_OR_EQUAL       = ( FWP_MATCH_LESS + 1 ) ,
       FWP_MATCH_LESS_OR_EQUAL          = ( FWP_MATCH_GREATER_OR_EQUAL + 1 ) ,
       FWP_MATCH_RANGE                  = ( FWP_MATCH_LESS_OR_EQUAL + 1 ) ,
       FWP_MATCH_FLAGS_ALL_SET          = ( FWP_MATCH_RANGE + 1 ) ,
       FWP_MATCH_FLAGS_ANY_SET          = ( FWP_MATCH_FLAGS_ALL_SET + 1 ) ,
       FWP_MATCH_FLAGS_NONE_SET         = ( FWP_MATCH_FLAGS_ANY_SET + 1 ) ,
       FWP_MATCH_EQUAL_CASE_INSENSITIVE = ( FWP_MATCH_FLAGS_NONE_SET + 1 ) ,
       FWP_MATCH_NOT_EQUAL              = ( FWP_MATCH_EQUAL_CASE_INSENSITIVE + 1 ) ,
       FWP_MATCH_TYPE_MAX               = ( FWP_MATCH_NOT_EQUAL + 1 ) 
    } FWP_MATCH_TYPE;
    
    /* Name and description of an object, as two wide-character string pointers. */
    typedef struct FWPM_DISPLAY_DATA0_
    {
       wchar_t* name;
       wchar_t* description;
    } FWPM_DISPLAY_DATA0;
    
    /*
     * Binary buffer: a size field plus a pointer to bytes. `data` is UINT8*, not a
     * character string, so a managed mirror should keep it a raw pointer (IntPtr)
     * and set `size` to the exact number of bytes behind it.
     */
    typedef struct FWP_BYTE_BLOB_
    {
       UINT32 size;
       UINT8* data;
    } FWP_BYTE_BLOB;
    
    /* Six bytes stored inline. */
    typedef struct FWP_BYTE_ARRAY6_
    {
       UINT8 byteArray6[6];
    } FWP_BYTE_ARRAY6;
    
    
    /* Sixteen bytes stored inline. */
    typedef struct FWP_BYTE_ARRAY16_
    {
       UINT8 byteArray16[16];
    } FWP_BYTE_ARRAY16;
    
    /*
     * Two count/pointer pairs. Each count has to agree with the array its pointer
     * refers to; PSID_AND_ATTRIBUTES is not defined in this snippet.
     */
    typedef struct _FWP_TOKEN_INFORMATION
    {
       ULONG               sidCount;
       PSID_AND_ATTRIBUTES sids;
       ULONG               restrictedSidCount;
       PSID_AND_ATTRIBUTES restrictedSids;
    } FWP_TOKEN_INFORMATION;
    
    /*
     * IPv4 address and mask as two 32-bit values.
     * NOTE(review): check which byte order the API expects before filling these in;
     * a swapped address makes a rule match different hosts than intended.
     */
    typedef struct FWP_V4_ADDR_AND_MASK_
    {
       UINT32 addr;
       UINT32 mask;
    } FWP_V4_ADDR_AND_MASK;
    
    /*
     * IPv6 address bytes plus a prefix length. FWP_V6_ADDR_SIZE is not defined in
     * this snippet and has to be supplied to the translator as well.
     */
    typedef struct FWP_V6_ADDR_AND_MASK_
    {
       UINT8 addr[FWP_V6_ADDR_SIZE];
       UINT8 prefixLength;
    } FWP_V6_ADDR_AND_MASK;
    
    
    /*
     * Tagged value: `type` followed by an anonymous union. The 8-, 16- and 32-bit
     * integers and the float are stored inline; every wider or structured value
     * (UINT64, INT64, double, blobs, SID, token information, string) is held
     * through a pointer, so the union itself is pointer-sized.
     * A managed mirror needs overlapping fields (explicit layout) or a single
     * pointer-sized field for the union; declaring the members one after another
     * would give the wrong size and offsets.
     */
    typedef struct FWP_VALUE0_
    {
       FWP_DATA_TYPE type;
       union
       {
          UINT8                  uint8;
          UINT16                 uint16;
          UINT32                 uint32;
          UINT64*                uint64;
          INT8                   int8;
          INT16                  int16;
          INT32                  int32;
          INT64*                 int64;
          float                  float32;
          double*                double64;
          FWP_BYTE_ARRAY16*      byteArray16;
          FWP_BYTE_BLOB*         byteBlob;
          SID*                   sid;
          FWP_BYTE_BLOB*         sd;
          FWP_TOKEN_INFORMATION* tokenInformation;
          FWP_BYTE_BLOB*         tokenAccessInformation;
          LPWSTR                 unicodeString;
       };
    } FWP_VALUE0;
    
    /* A pair of tagged values, stored by value, giving the low and high end of a range. */
    typedef struct FWP_RANGE0_
    {
       FWP_VALUE0 valueLow;
       FWP_VALUE0 valueHigh;
    } FWP_RANGE0;
    
    /*
     * Action of a filter: an action code plus one GUID. filterType and calloutKey
     * are union members and therefore share the same 16 bytes.
     */
    typedef struct FWPM_ACTION0_
    {
       FWP_ACTION_TYPE type;
       union
       {
          GUID filterType;
          GUID calloutKey;
       };
    } FWPM_ACTION0;
    
    /*
     * Tagged value used inside filter conditions. Same shape as FWP_VALUE0, with
     * four more pointer members at the end (byteArray6, v4AddrMask, v6AddrMask,
     * rangeValue). Note that tokenInformation is declared here as FWP_BYTE_BLOB*,
     * whereas FWP_VALUE0 declares it as FWP_TOKEN_INFORMATION*.
     * The pointed-to data has to stay allocated for the duration of the native
     * call that receives the condition.
     */
    typedef struct FWP_CONDITION_VALUE0_
    {
       FWP_DATA_TYPE type;
       union
       {
          UINT8                 uint8;
          UINT16                uint16;
          UINT32                uint32;
          UINT64*               uint64;
          INT8                  int8;
          INT16                 int16;
          INT32                 int32;
          INT64*                int64;
          float                 float32;
          double*               double64;
          FWP_BYTE_ARRAY16*     byteArray16;
          FWP_BYTE_BLOB*        byteBlob;
          SID*                  sid;
          FWP_BYTE_BLOB*        sd;
          FWP_BYTE_BLOB*        tokenInformation;
          FWP_BYTE_BLOB*        tokenAccessInformation;
          LPWSTR                unicodeString;
          FWP_BYTE_ARRAY6*      byteArray6;
          FWP_V4_ADDR_AND_MASK* v4AddrMask;
          FWP_V6_ADDR_AND_MASK* v6AddrMask;
          FWP_RANGE0*           rangeValue;
       };
    } FWP_CONDITION_VALUE0;
    
    /* One condition of a filter: the field to test, the comparison, and the value. */
    typedef struct FWPM_FILTER_CONDITION0_
    {
       GUID                 fieldKey;
       FWP_MATCH_TYPE       matchType;
       FWP_CONDITION_VALUE0 conditionValue;
    } FWPM_FILTER_CONDITION0;
    
    
    /*
     * Full description of a filter as passed to FwpmFilterAdd0.
     * numFilterConditions and filterCondition form a count/pointer pair: the count
     * must equal the number of elements in the array, otherwise native code reads
     * past the end of the caller's buffer.
     * rawContext and providerContextKey are union members and overlap.
     * NOTE(review): a filter with no conditions presumably matches all traffic at
     * its layer -- confirm before adding a block or permit rule without conditions.
     */
    typedef struct FWPM_FILTER0_
    {
      GUID                    filterKey;
      FWPM_DISPLAY_DATA0      displayData;
      UINT32                  flags;
      GUID*                   providerKey;
      FWP_BYTE_BLOB           providerData;
      GUID                    layerKey;
      GUID                    subLayerKey;
      FWP_VALUE0              weight;
      UINT32                  numFilterConditions;
      FWPM_FILTER_CONDITION0* filterCondition;
      FWPM_ACTION0            action;
      union
      {
         UINT64 rawContext;
         GUID providerContextKey;
      };
      GUID*                   reserved;
      UINT64                  filterId;
      FWP_VALUE0              effectiveWeight;
    } FWPM_FILTER0;
    
    
    
    /*
     * Adds a filter. `sd` and `id` are optional (__in_opt / __out_opt). Keep the
     * returned id if the filter has to be removed again later, and check the DWORD
     * result: a rule that failed to install leaves traffic unfiltered.
     */
    DWORD WINAPI FwpmFilterAdd0(__in HANDLE engineHandle,
                                __in const FWPM_FILTER0* filter,
                                __in_opt PSECURITY_DESCRIPTOR sd,
                                __out_opt UINT64* id);
    
    Hope This Helps

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Wednesday, February 3, 2010 6:43 PM
    Moderator
  • great, will try it out! thank you so much for your help!
    Friday, February 5, 2010 12:12 AM
  • hmm now i'm stuck at this, can help?
    /*
     * Defines the layer key as a constant GUID. The same value in managed code:
     * new Guid(0xc38d57d1, 0x05a7, 0x4c33, 0x90, 0x4f, 0x7f, 0xbc, 0xee, 0xe6, 0x0e, 0x82)
     */
    DEFINE_GUID(
       FWPM_LAYER_ALE_AUTH_CONNECT_V4,
       0xc38d57d1,
       0x05a7,
       0x4c33,
       0x90, 0x4f, 0x7f, 0xbc, 0xee, 0xe6, 0x0e, 0x82
    );
    Friday, February 5, 2010 8:46 AM
  • .Net has a GUID class in System.Guid, or you can re-define the GUID structure to your needs.  The layer names are just const GUIDs


    Hope this helps

    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Sunday, February 7, 2010 2:10 AM
    Moderator
  • How do things stand now? Has any .NET support been added over the years?
    Thursday, March 20, 2014 12:32 PM
  • Nothing has changed in this area.  Most of the truly important tasks performed by AV and firewall vendors need to have a kernel callout driver.  The callout driver is native code, and .Net allows one to PInvoke the management APIs for the user-mode, so no investment was made in porting WFP to .Net.

    If you really only care about PERMIT / BLOCK rules, then you can write managed code that configures rules in Windows Firewall.  Doing so allows you abstraction from WFP.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Thursday, March 20, 2014 4:32 PM
    Moderator
  • Thanks, for your reply.

    I want to create my own PPTP-like protocol. I need to capture all packets and receive some information about them, such as addresses, ports and size, and send it to a remote server. Can I try to do this in user mode in C++?


    • Edited by Max Charp Tuesday, March 25, 2014 7:51 PM
    Tuesday, March 25, 2014 7:50 PM
  • You would need a WFP callout driver in order to gather all of that information.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Thursday, March 27, 2014 6:25 PM
    Moderator